diff --git a/cache/Tenable (Nessus).dat b/cache/Tenable (Nessus).dat index a09664236e1..2c72b83f293 100644 --- a/cache/Tenable (Nessus).dat +++ b/cache/Tenable (Nessus).dat @@ -135,3 +135,13 @@ f463a55fd8c986743d78c035e143b461 71fb4e65038bc255edaf07dbec76bac5 76bf447ee9f0afb2854c3a8ff53ccddb ab04749c9f3ddc0445a3f44a7398b9f9 +4be0e0b7dcbfa7985ab1e337bfafa4a2 +85e83fef12d37bec604f1f22ae863236 +02bd6c0b4a2f4cab127191f125adc7ea +b094359a59d899b3026cedd328a6b4fb +d61674902f7df9f3dcab43faf5c7e158 +b04cdb0f097c48d1eac2cbd53fe0d572 +8f1f92b6da330becdfc35a3f40969131 +7638136db8294d06fabb612b6f7e5ef5 +38d91b20db9454630cde5e699f0f1e1d +a2a5785871a2aa0d27582585e383c5db diff --git a/data/cves.db b/data/cves.db index 7b513d6593f..46142c076c4 100644 Binary files a/data/cves.db and b/data/cves.db differ diff --git a/docs/index.html b/docs/index.html index 4668c078f0c..7bc5eafaa39 100644 --- a/docs/index.html +++ b/docs/index.html @@ -1,4 +1,4 @@ - + @@ -283,6 +283,86 @@

眈眈探求 | TITLE URL + + 4be0e0b7dcbfa7985ab1e337bfafa4a2 + CVE-2023-23364 + 2023-09-22 04:15:00 + A buffer copy without checking size of input vulnerability has been reported to affect QNAP operating systems. If exploited, the vulnerability possibly allows remote users to execute code via unspecified vectors. We have already fixed the vulnerability in the following versions: Multimedia Console 2.1.1 ( 2023/03/29 ) and later Multimedia Console 1.4.7 ( 2023/03/20 ) and later + 详情 + + + + 85e83fef12d37bec604f1f22ae863236 + CVE-2023-23363 + 2023-09-22 04:15:00 + A buffer copy without checking size of input vulnerability has been reported to affect QNAP operating system. If exploited, the vulnerability possibly allows remote users to execute code via unspecified vectors. We have already fixed the vulnerability in the following versions: QTS 4.3.6.2441 build 20230621 and later QTS 4.3.3.2420 build 20230621 and later QTS 4.2.6 build 20230621 and later QTS 4.3.4.2451 build 20230621 and later + 详情 + + + + 02bd6c0b4a2f4cab127191f125adc7ea + CVE-2023-23362 + 2023-09-22 04:15:00 + An OS command injection vulnerability has been reported to affect QNAP operating systems. If exploited, the vulnerability allows remote authenticated users to execute commands via susceptible QNAP devices. We have already fixed the vulnerability in the following versions: QTS 5.0.1.2376 build 20230421 and later QTS 4.5.4.2374 build 20230416 and later QuTS hero h5.0.1.2376 build 20230421 and later QuTS hero h4.5.4.2374 build 20230417 and later QuTScloud c5.0.1.2374 and later + 详情 + + + + b094359a59d899b3026cedd328a6b4fb + CVE-2023-31719 + 2023-09-22 00:15:00 + FUXA <= 1.1.12 is vulnerable to SQL Injection via /api/signin. + 详情 + + + + d61674902f7df9f3dcab43faf5c7e158 + CVE-2023-31718 + 2023-09-22 00:15:00 + FUXA <= 1.1.12 is vulnerable to Local via Inclusion via /api/download. 
+ 详情 + + + + b04cdb0f097c48d1eac2cbd53fe0d572 + CVE-2023-31717 + 2023-09-22 00:15:00 + A SQL Injection attack in FUXA <= 1.1.12 allows exfiltration of confidential information from the database. + 详情 + + + + 8f1f92b6da330becdfc35a3f40969131 + CVE-2023-31716 + 2023-09-22 00:15:00 + FUXA <= 1.1.12 has a Local File Inclusion vulnerability via file=fuxa.log + 详情 + + + + 7638136db8294d06fabb612b6f7e5ef5 + CVE-2023-5068 + 2023-09-21 23:15:00 + Delta Electronics DIAScreen may write past the end of an allocated buffer while parsing a specially crafted input file. This could allow an attacker to execute code in the context of the current process. + 详情 + + + + 38d91b20db9454630cde5e699f0f1e1d + CVE-2023-4504 + 2023-09-21 23:15:00 + Due to failure in validating the length provided by an attacker-crafted PostScript document, CUPS and libppd are susceptible to a heap-based buffer overflow and possibly code execution. This issue has been fixed in CUPS version 2.4.7, released in September of 2023. + 详情 + + + + a2a5785871a2aa0d27582585e383c5db + CVE-2023-43128 + 2023-09-21 23:15:00 + D-LINK DIR-806 1200M11AC wireless router DIR806A1_FW100CNb11 is vulnerable to command injection due to lax filtering of HTTP_ST parameters. + 详情 + + a41132e7a4615dffb9b1f344ad988e2f CVE-2023-42807 @@ -443,86 +523,6 @@

眈眈探求 | 详情 - - 5ddec74e1ec8fdf4a0c3a243f85acb01 - CVE-2023-43377 - 2023-09-20 19:15:00 - A cross-site scripting (XSS) vulnerability in /hoteldruid/visualizza_contratto.php of Hoteldruid v3.0.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the destinatario_email1 parameter. - 详情 - - - - 8d232916fa611389b5fbe6408ea2d019 - CVE-2023-43376 - 2023-09-20 19:15:00 - A cross-site scripting (XSS) vulnerability in /hoteldruid/clienti.php of Hoteldruid v3.0.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the nometipotariffa1 parameter. - 详情 - - - - c429f67fc28b9c6ee2d952515cfca94e - CVE-2023-43375 - 2023-09-20 19:15:00 - Hoteldruid v3.0.5 was discovered to contain multiple SQL injection vulnerabilities at /hoteldruid/clienti.php via the annonascita, annoscaddoc, giornonascita, giornoscaddoc, lingua_cli, mesenascita, and mesescaddoc parameters. - 详情 - - - - 4c82fe0696154d0fa062de50317cbb70 - CVE-2023-43374 - 2023-09-20 19:15:00 - Hoteldruid v3.0.5 was discovered to contain a SQL injection vulnerability via the id_utente_log parameter at /hoteldruid/personalizza.php. - 详情 - - - - 06a60af972e4e4076a1e6197e407acdd - CVE-2023-43373 - 2023-09-20 19:15:00 - Hoteldruid v3.0.5 was discovered to contain a SQL injection vulnerability via the n_utente_agg parameter at /hoteldruid/interconnessioni.php. - 详情 - - - - 36fea47ad554c845ad86105dfda6d4bb - CVE-2023-43371 - 2023-09-20 19:15:00 - Hoteldruid v3.0.5 was discovered to contain a SQL injection vulnerability via the numcaselle parameter at /hoteldruid/creaprezzi.php. - 详情 - - - - eabd76036824e6cdf2d145aa26b88993 - CVE-2023-40368 - 2023-09-20 19:15:00 - IBM Storage Protect 8.1.0.0 through 8.1.19.0 could allow a privileged user to obtain sensitive information from the administrative command line client. IBM X-Force ID: 263456. 
- 详情 - - - - b00f898b6afb085b52edf91cc7604aac - CVE-2023-39041 - 2023-09-20 19:15:00 - An information leak in KUKURUDELI Line v13.6.1 allows attackers to obtain the channel access token and send crafted messages. - 详情 - - - - 277a9acff14579c00cfc353e6f0fd6d5 - CVE-2023-40619 - 2023-09-20 18:15:00 - phpPgAdmin 7.14.4 and earlier is vulnerable to deserialization of untrusted data which may lead to remote code execution because user-controlled data is directly passed to the PHP 'unserialize()' function in multiple places. An example is the functionality to manage tables in 'tables.php' where the 'ma[]' POST parameter is deserialized. - 详情 - - - - 522b82eaffebb2967bf05b47d036d542 - CVE-2023-40618 - 2023-09-20 18:15:00 - A reflected cross-site scripting (XSS) vulnerability in OpenKnowledgeMaps Head Start versions 4, 5, 6, 7 as well as Visual Project Explorer 1.0, allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the 'service' parameter in 'headstart_snapshot.php'. - 详情 - -
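Review bot: In the `cache/Tenable (Nessus).dat` hunk, the ten appended lines are bare 32-character hex digests with no field saying which record each one stands for, so the only way to check them is to match them by eye against the ten rows added to `docs/index.html`. Storing the CVE ID next to each digest (digest, then ID, one pair per line) would make this file reviewable on its own and would make a mismatch between the cache and the page visible in the diff.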
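Review bot: `data/cves.db` changes only as "Binary files ... differ", so this part of the commit cannot be reviewed and its agreement with the ten new cache digests and the ten new index rows has to be taken on trust. Consider keeping the database out of version control and rebuilding it from the feed, or committing a text export of the changed rows alongside it.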
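Review bot: In the `docs/index.html` hunk at `@@ -283,6 +283,86 @@`, the description cells carry third-party advisory text verbatim, including `FUXA <= 1.1.12` in the CVE-2023-31719, CVE-2023-31718, CVE-2023-31717 and CVE-2023-31716 rows. Please confirm the generator HTML-escapes every feed-supplied field before writing it into the page; if the `<` in those rows is literal in the file it should be `&lt;`, and the same escaping is what keeps a description containing markup from being rendered as part of the page.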
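Review bot: The `docs/index.html` hunk at `@@ -443,86 +523,6 @@` removes ten rows dated 2023-09-20 (CVE-2023-43377 through CVE-2023-40618) in the same commit that adds ten new ones, so the page behaves as a fixed-length window and these entries are no longer listed after this change, while the cache hunk in this patch only appends. If a rolling view is intended, state the window size on the page or in the README and link to where dropped entries can still be found; if not, the removal looks unintended.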